Test/Evaluation: Memory Integrity Attack Simulation

This task will create an attack simulation towards memory integrity violation:

  • OS: Linux
  • Arch: x86_32
  • Application: User mode
  • Details:
    • Have App A be the attacker application that modifies App B memory contents (code and/or data)
    • App B can be a CPS controller application for example
    • Create the following repository: https://github.com/uberspark/tests-and-evaluation.git
    • Host simulated attack sources within folder simulated-attacks/mem-integrity
    • Get App B memory map and be able to poke (write) to code and/or data; we can assume su privileges for App A

I am working on a model where we have a socket client (App A) connect to a socket server (App B) and can send data via the socket which makes the server app jump to a function which can alter the behavior of the socket server application (App B). This approach is using buffer overflow and is one way to call a function that can change the memory integrity of the running process B. This is one way to achieve a successful attack. If this is accepted then we can use the mechanism for our experiments.

I am not sure if this may be directly applicable to our case. Here App B may be a CPS controller application which may or may not have buffer overflow vulnerabilities. I was thinking we can go for a more direct form of attack where we assume an attacker gains control of App A with su privileges and can directly overwrite App B memory without necessarily having to exploit a weakness in App B.

Hope that makes sense.

@antonhristozov, of course, please feel free to stick in the buffer overflow attack as well in perhaps a memsafety folder within the tests-and-evaluation.git repo. That might come in handy at some point when we want to demonstrate memory safety properties (such as buffer overflow).

Thanks!

Came across the following while on this thread:

Might be helpful as we make progress. Thanks!

I read this post and it looks straightforward on how to modify the heap of a running process by knowing its process ID and using the /proc filesystem. I will try to reproduce the example first and then move this code to the repository.

Super. Thanks a bunch @antonhristozov!

https://github.com/uberspark/tests-and-evaluation was created.
I ported the example from here:
https://medium.com/@holdengrissett/linux-101-how-to-hack-your-process-memory-2514a3d0778d
The Python file had a runtime error which I fixed.
Ran the test successfully as presented on the website.
Created a README.txt file with detailed instructions on how to use this test.
Looks like one definite possibility, because of its simplicity.
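A defender-side companion to the /proc approach discussed above, added here as example code (it is not from the tests-and-evaluation repository or the linked article): it parses /proc/<pid>/maps, selects the executable mappings backed by the target binary, hashes them through /proc/<pid>/mem, and compares two snapshots so that a code overwrite by App A shows up as a changed region. The binary path /opt/cps/controller and the sample maps lines are constructed; `snapshot()` needs Linux and ptrace access to the target (e.g. root), the rest runs offline.

```python
import hashlib
import re
from typing import Dict, List, NamedTuple

# Constructed sample of /proc/<pid>/maps for a 32-bit App B (not a real capture).
SAMPLE_MAPS = """\
08048000-0804c000 r-xp 00000000 08:01 1234       /opt/cps/controller
0804c000-0804d000 r--p 00003000 08:01 1234       /opt/cps/controller
0804d000-0804e000 rw-p 00004000 08:01 1234       /opt/cps/controller
0804e000-0806f000 rw-p 00000000 00:00 0          [heap]
b7e10000-b7fb9000 r-xp 00000000 08:01 5678       /lib/i386-linux-gnu/libc.so.6
bffdf000-c0000000 rw-p 00000000 00:00 0          [stack]
"""
# One maps line: start-end perms offset dev inode [path]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")

class Region(NamedTuple):
    start: int
    end: int
    perms: str
    path: str

def parse_maps(text: str) -> List[Region]:
    """Parse the text of /proc/<pid>/maps into Region records (unparseable lines are skipped)."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m:
            regions.append(Region(int(m[1], 16), int(m[2], 16), m[3], m[4].strip()))
    return regions

def code_regions(regions: List[Region], exe_path: str) -> List[Region]:
    """Executable mappings backed by the target binary: what an integrity baseline should cover."""
    return [r for r in regions if "x" in r.perms and r.path == exe_path]

def region_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def snapshot(pid: int, exe_path: str) -> Dict[str, str]:
    """Hash each code region of pid by reading /proc/<pid>/mem (needs ptrace access, e.g. root)."""
    with open(f"/proc/{pid}/maps") as f:
        regions = code_regions(parse_maps(f.read()), exe_path)
    digests = {}
    with open(f"/proc/{pid}/mem", "rb", 0) as mem:
        for r in regions:
            mem.seek(r.start)
            digests[f"{r.start:08x}-{r.end:08x}"] = region_digest(mem.read(r.end - r.start))
    return digests

def find_tampered(baseline: Dict[str, str], current: Dict[str, str]) -> List[str]:
    """Regions whose digest changed or vanished since the baseline: evidence of a code overwrite."""
    return sorted(k for k, v in baseline.items() if current.get(k) != v)
```

Take a baseline with `snapshot(pid, exe)` right after App B starts, and run `find_tampered(baseline, snapshot(pid, exe))` after the simulated attack; a non-empty result names the overwritten code region.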

Great. Thanks @antonhristozov!

I have set up the repository https://github.com/uberspark/tests-and-evaluation.git such that further updates will need to be done via pull requests (PRs). This will allow us to keep track of future changes and review before merging.

I am closing this task thread.

Thanks!